CVE-2024-21575 | ltdrdata ComfyUI-Impact-Pack up to 7.6.1 POST Request /upload/temp filename path traversal

Posted by Angelo Barbosa | Dec 12, 2024 | CVE

A vulnerability has been found in ltdrdata ComfyUI-Impact-Pack up to 7.6.1 and classified as critical. This vulnerability affects unknown code of the file /upload/temp of the component POST Request Handler. The manipulation of the argument filename leads to path traversal: ‘…/…//’.

This vulnerability was named CVE-2024-21575. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-21575 | ltdrdata ComfyUI-Impact-Pack up to 7.6.1 POST Request /upload/temp filename path traversal

Related Posts

CVE-2024-21919 | Rockwell Automation Arena Simulation up to 16.20.02 uninitialized pointer

CVE-2024-3482 | OpenText ArcSight Enterprise Security Manager cross site scripting

CVE-2024-39846 | NewPass up to 1.1.x missing encryption

CVE-2024-45271 | MB Connect Line mbNET.mini up to 2.2.13 input validation (VDE-2024-056)